Learn365

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.


This repository contains all the information shared during my Learn 365 Challenge. Learn 365 is a challenge to keep the learning spirit going and to challenge myself to learn something daily for the whole year; it can be anything from infosec to general life. Follow me on Twitter for regular updates: Harsh Bothra. Huge thanks to Mehedi Hasan Remon, who originally created and maintained this repository.


S.NO | Mind Map
--- | ---
1 | 2FA Bypass Techniques
2 | Scope Based Recon
3 | Cookie Based Authentication Vulnerabilities
4 | Unauthenticated JIRA CVEs
5 | Android Application Penetration Testing Checklist


Day | Topic
--- | ---
1 | 2FA Bypass Techniques
2 | Regular Expression Denial Of Service
3 | SAML Vulnerabilities
4 | Unauthenticated & Exploitable JIRA Vulnerabilities
5 | Client-Side Template Injection (CSTI)
6 | Cross-Site Leaks (XS-Leaks)
7 | Cross-Site Script Includes (XSSI)
8 | JSON Padding Attacks
9 | JSON Attacks
10 | Abusing Hop-by-Hop Headers
11 | Cache Poisoned Denial of Service (CPDoS)
12 | Unicode Normalization
13 | WebSocket Vulns (Part-1)
14 | WebSocket Vulns (Part-2)
15 | WebSocket Vulns (Part-3)
16 | Web Cache Deception Attack
17 | Session Puzzling Attack
18 | Mass Assignment Attack
19 | HTTP Parameter Pollution
20 | GraphQL Series (Part-1)
21 | GraphQL Vulnerabilities (Part-2)
22 | GraphQL WrapUp (Part-3)
23 | Password Reset Token Issues
24 | My previous works
25 | Salesforce Security Misconfiguration (Part-1)
26 | Salesforce Security Misconfiguration (Part-2)
27 | Salesforce Configuration Review (Wrap)
28 | Common Business Logic Issues: Part-1
29 | Common Business Logic Issues (Part-2)
30 | Common Business Logic Issues (Wrap)
31 | Captcha Bypass Techniques
32 | Pentesting Kibana Service
33 | Pentesting Docker Registry
34 | HTML Scriptless Attacks / Dangling Markup Attacks (Part - 1)
35 | HTML Scriptless Attacks / Dangling Markup Attacks (Wrap)
36 | Pentesting Rsync Service
37 | CRLF Injection
38 | Pentesting FTP Service
39 | OpenID Connect Implementation Issues
40 | Cookie Based Authentication Vulnerabilities
41 | Cobalt Vulnerability Wiki - Resource
42 | Race Conditions
43 | SMTP Open Relay Attack
44 | Pentesting BACNet
45 | API Security Tips
46 | Pentesting SSH - Talk
47 | CORS Misconfiguration
48 | Incomplete Trailing Escape Pattern Issue
49 | Pivoting & Exploitation in Docker Environments - Talk
50 | Detect Complex Code Patterns using Semantic grep - Talk
51 | Student Roadmap to Become a Pentester - Talk
52 | Hacking How-To Series - Playlist
53 | JS Prototype Pollution
54 | JSON Deserialization Attacks
55 | Android App Dynamic Analysis using House
56 | Testing IIS Servers
57 | Secure Code Review - Talk
58 | JSON Interoperability Vulnerabilities - Research Blog
59 | HTTP Desync Attacks - Talk
60 | XSLT Injection
61 | Bypassing AWS Policies - Talk
62 | Source Code Review Guidelines - Resource
63 | All of the Threats: Intelligence, Modelling and Hunting - Talk
64 | Hidden Property Abuse (HPA) attack in Node.js - Talk
65 | HTTP Request Smuggling in 2020 - Talk
66 | Dependency Confusion Attack - Blog
67 | Format String Vulnerabilities - Webinar
68 | Mobile Application Dynamic Analysis - Webinar
69 | Insecure Deserialization - Talk
70 | Web Cache Entanglement - Talk + Blog
71 | OWASP AMASS - Bootcamp
72 | Offensive Javascript Techniques for Red Teamers
73 | Basic CMD for Pentesters - Cheatsheet
74 | Investigating and Defending Office 365 - Talk
75 | WinjaCTF 2021 Solutions - Blog
76 | Kubernetes Security: Attacking and Defending K8s Clusters - Talk
77 | AWS Cloud Security - Resources
78 | WAF Evasion Techniques - Blog
79 | File Inclusion - All-in-One
80 | DockerENT Insights - Tool Demo Talk
81 | ImageMagick - Shell injection via PDF password: Research Blog
82 | Offensive GraphQL API Pentesting - Talk
83 | Bug Bounties with Bash - Talk
84 | Chrome Extensions Code Review - Talk
85 | Server-Side Template Injection - Talk
86 | Exploiting GraphQL - Blog
87 | Exploiting Email Systems - Talk
88 | Hacking with DevTools - Tutorial
89 | Common Android Application Vulnerabilities - Talk
90 | SAML XML Injection - Research Blog
91 | Finding Access Control & Authorization Issues with Burp - Blogs
92 | OAuth 2.0 Misimplementation, Vulnerabilities, and Best Practices - Talk
93 | JWT Attacks - Talk
94-102 | Random Readings
103 | Attacking Ruby on Rails Applications - Whitepaper
104 | Pentesting a Chrome Extension: Real Life Case Study - Blog
105 | XXE Simplified - Blog
106 | Web Hacking Pro Tips #9 with @zseano - Talk
107 | JS Prototype Pollution - Blog
108 | XSS via GraphQL Endpoint - Blog
109 | WS-2016-7107: CSRF tokens in Spring and the BREACH attack - Blog
110 | AWS SSRF Metadata Leakage - Blog
111 | Burp Suite Extension Development - Blog
112-115 | Random Readings
116 | Hacking OAuth Apps Pt-1 - Tutorial
117 | Portable Data exFiltration: XSS for PDFs - Blog
118 | PoC code and a case study on Task Hijacking in Android explaining how and why it works. (aka StrandHogg) - Blog
119 | OAuth - Flawed CSRF Protection - Tutorial
120 | Hacking Electron Apps with Electronegativity - Talk
121 | Awesome ElectronJS Hacking Resources
122 | Pentesting Blockchain Solutions - Tutorial
123-124 | Random Readings
125 | Oversized XML Attack - Wiki
126 | XML Complexity Attack in Soap Header - Wiki
127 | Web Service Attacks [Remaining] - Wiki
128 | Domain Hijacking Via Logic Error - Gandi And Route 53 Vulnerability - Blog
129 | Automating Recon with Axiom - Talk
130 | Testing Extensions in Chromium Browsers - Blog
131 | iOS Pentesting Series Pt. - 1 - Tutorial
132 | DNS Based Out of Band Blind SQL injection in Oracle — Dumping data - Blog
133 | GitDorker Talk - Talk
134 | Mobisec 2020 Slides - Slides & Videos
135 | Web App Pentesting in Angular Context - Blog
136 | RCE in Homebrew - Blog
137 | WordPress Plugin Security Testing Cheat Sheet - Wiki
138 | JavaScript prototype pollution: practice of finding and exploitation - Blog
139 | HowTo: intercept mutually-authenticated TLS communications of a Java thick client - Blog
140 | KUBERNETES NAMESPACES ISOLATION - WHAT IT IS, WHAT IT ISN'T, LIFE, UNIVERSE AND EVERYTHING - Blog
141 | Frag Attacks - Wiki
142 | Free Automated Recon Using GH Actions - Talk
143 | DAY[0] Episode 66 - BlackHat USA, Pre-Auth RCEs, and JSON Smuggling - Talk
144 | Bug hunter adventures - Talk
145 | Static Analysis of Client-Side JS Code - Blog
146 | Method Confusion In Go SSTIs Lead To File Read And RCE - Blog
147 | Finding and Exploiting Unintended Functionality in Main Web App APIs - Blog
148 | SecuriTEA & Crumpets - Episode 6 - Gareth Heyes - Hackvertor - Talk
149 | [GraphQL CSRF - Blog](/days/
